SECTION A
Read the following scenario carefully. The questions in this section relate to this scenario. 
Answer ALL questions. Write your answers in the spaces provided. 
Black Country Training and Assessment Associates 


Black Country Training and Assessment (BCTAA) offers vocational-based training and 
assessment services. It specialises in working with small and medium sized businesses 
which do not wish to set up their own training departments. 


BCTAA operates from offices on the 19th floor of a 20-storey building. 


Figure 1 shows an incomplete network diagram for the BCTAA system on the 19th floor. 
Figure 1


1 (a) BCTAA requires secure internet access. 


(i) Complete the network diagram (Figure 1) by adding: 


• the device required for a secure internet connection.
• its connection to the network.


The device may be shown as a labelled box. 
(ii) The network includes wireless access points (WAPs).


Explain one vulnerability of a WAP. 


(iii) The network environment must be made secure. 




Explain one way trusted computing can help secure the network against 


(b) BCTAA's offices are protected by an electronic door control system.
(i) Intruders could gain entry by tailgating. 


State what is meant by tailgating. 


(ii) Card theft may enable an intruder to gain entry via the system. 


Explain one other way an intruder could gain entry via the system. 
(c) Security threats to the BCTAA network may attack the internet connection, the
WAPs and the door control system. 


Describe one other digital threat to the BCTAA network and an appropriate 
countermeasure for it. 
(d) The current backup strategy for BCTAA is:

• use RAID 1 — mirrored drives on the servers.
• a daily transfer of working files to a USB stick. There is a set of five, one for each day Monday to Friday, that are reused each week.
• a weekly transfer of all company data to a portable hard drive.
• disk images for all the servers, PCs, and company laptops.


Evaluate the effectiveness of the current backup strategy. 
(Total for Question 1 = 22 marks)

2 (a) The BCTAA network has two WAPs, one for staff and one for guests. Each WAP has
a different service set identifier (SSID). The SSIDs can be hidden. 


(i) State what an SSID is. 


(iii) Explain one consequence for guests to the BCTAA offices if the SSIDs are 


(b) Guest Wi-Fi is only required for internet access. 


The Staff WAP and the Guest WAP connect to a single managed switch. This is a 
security risk. 


Describe how the network should be changed to reduce this risk. 
(c) BCTAA uses trainers who need to connect to BCTAA over the internet. They use a
virtual private network (VPN), run from a BCTAA server. 


(i) Describe how this VPN functions. 


(ii) State two drawbacks for BCTAA in using the VPN to communicate with their 
trainers. 


(d) BCTAA staff log into the network with a username and password, but when they 
need to access highly confidential information, they must also plug in a USB 
security key for multi-factor authentication (MFA). 


Explain how a USB security key works. 
(e) BCTAA is considering the use of Media Access Control (MAC) address filtering to
protect the Staff and Guest Wi-Fi. 


Evaluate the use of MAC address filtering on the BCTAA Wi-Fi. 
(Total for Question 2 = 23 marks)

3 (a) BCTAA has several servers, including a Dynamic Host Configuration Protocol
(DHCP) server. 


When the DHCP server is configured, the administrator must enter configuration 
information, including the default gateway address. 


State two other pieces of configuration information that must be entered. 


(b) DHCP is inherently insecure, as it does not have any built-in security measures. 
This leaves DHCP open to attack. 


Describe one method of attacking the BCTAA network by exploiting DHCP.

(c) BCTAA hosts its website on its own web server.

It has been attacked by Structured Query Language (SQL) injection and by
Distributed Denial of Service Attacks (DDoS).

(i) Describe how an SQL injection attack works.
(d) The BCTAA servers have been subject to denial-of-service attacks over the
internet, both DoS and DDoS.

(i) Describe the difference between DoS and DDoS attacks.


(e) BCTAA has WAPs for staff and guests. Each WAP can be configured to use Wi-Fi
Protected Access 2 (WPA2) or WPA3.

Evaluate the use of WPA2 and WPA3 on the BCTAA WAPs.
(Total for Question 3 = 23 marks)

4 BCTAA has a staff Password Policy. It has sections on:

• length and complexity
• password sharing
• password uniqueness


(a) Give two other sections that a password policy should contain. 


(b) BCTAA encourages staff to use a password manager. 


(i) Explain one advantage of using a password manager.
(c) A staff member thinks that their password manager may have been
compromised. 


The IT Manager takes a physical image of the tablet’s entire drive, rather than a 
targeted image of the files related to the password manager. 


(i) Explain why the physical image is made instead of the targeted image. 
(d) The physical image contains copies of the tablet’s log files.


Explain which log file is likely to contain evidence about the possible compromise 
of the password manager. 
(e) A plan of BCTAA's offices on the 19th floor is shown in Figure 2.


The lifts, stairwells, WCs and associated areas are open to the public. The 
remaining area is a single open space which can be partitioned to create rooms or 
workspaces. 


Threats already identified include the use of a single switch for WAPs, no MAC 
filtering, the backup process and the use of a password manager. 
Figure 2


Evaluate the management of security threats to the BCTAA offices in this scenario, 
that have not been previously identified. 
(Total for Question 4 = 22 marks)


TOTAL FOR SECTION A = 90 MARKS 
General marking guidance

• All students must receive the same treatment. Examiners must mark the first student in exactly the same way as they mark the last.
• Mark schemes should be applied positively. Students must be rewarded for what they have shown they can do rather than be penalised for omissions.
• Examiners should mark according to the mark scheme, not according to their perception of where the grade boundaries may lie.
• All marks on the mark scheme should be used appropriately.
• All the marks on the mark scheme are designed to be awarded. Examiners should always award full marks if deserved. Examiners should also be prepared to award zero marks if the student's response is not rewardable according to the mark scheme.
• Where judgement is required, a mark scheme will provide the principles by which marks will be awarded.
• When examiners are in doubt regarding the application of the mark scheme to a student's response, a senior examiner should be consulted.
• Crossed out work should be marked unless the student has replaced it with an alternative response.
• Accept incorrect/phonetic spelling (as long as the term is recognisable) unless instructed otherwise.

Edexcel and BTEC Qualifications

Edexcel and BTEC qualifications come from Pearson, the world’s leading learning company. We provide a wide range of qualifications including academic, vocational, occupational and specific programmes for employers. For further information visit our qualifications website at http://qualifications.pearson.com/en/home.html for our BTEC qualifications.

Alternatively, you can get in touch with us using the details on our contact us page at http://qualifications.pearson.com/en/contact-us.html

If you have any subject specific questions about this specification that require the help of a subject specialist, you can speak directly to the subject team at Pearson. Their contact details can be found on this link:
http://qualifications.pearson.com/en/support/support-for-you/teachers.html

You can also use our online ‘Ask the Expert’ service at https://www.edexcelonline.com
You will need an Edexcel Online username and password to access this service.

Question Number: 1 ai (Mark: 2)

Award one mark for Firewall as a device/box/shape.
Award one mark for the Firewall device/box/shape connected to the router by a solid line.

[Figure: completed network diagram. Labels: Electronic door control system; Guest WiFi and mobile devices; WiFi router with optical fibre and CAT6 connections; Firewall; Staff PCs; Main [illegible]; Staff WiFi and mobile devices; Servers.]

Question Number: 1 aii (Mark: 2)

Award one mark for a reason, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• WiFi can be accessed from public areas (1) because radio signals pass outside the offices/go through the walls (1)
• WiFi is available to guests (1) they may bring in malware (on their devices) (1)

Accept any other appropriate/alternative response.

Question Number: 1 aiii (Mark: 2)

Award one mark for a way, and one mark for an appropriate linked justification/expansion, up to a maximum of two marks.

• reduces the risk of cyber-attacks (1) provides another layer/two-step verification/encryption key/protection/increased security (1)
• prevent disruption of network functions (1) defends against external threats/malware to minimise network disruption (1)

Accept any other appropriate/alternative response.

Question Number: 1 bi

Award one mark for the following:

• following an (authorised) person through the door before it shuts (1)

Accept any other appropriate/alternative response.

Question Number: 1 bii (Mark: 2)

Award one mark for a process, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• card cloning/skimming where a card is ‘read’ (1) and copied onto a new card/device (1)
• signal interception/range extension where the card is read by one device (1) and the signal transmitted to another device/the door reader (to open the door) (1)

Accept any other appropriate/alternative response.

Do not accept any form of theft/borrowing of the card.

Question Number: 1c (Mark: 4)

Award one mark for each appropriate point in a linked description up to a maximum of four marks.

• identification of an electronic threat (1)
• identification of a suitable countermeasure (1)
• description of how the countermeasure is enabled (1)
• description of how it reduces the threat (1)

Examples:

• malware on USB (1)
• use a PC's BIOS settings (1)
• disable USB input (1)
• USB sticks cannot be used to insert a virus (1)

or

• incorrect access level settings (1)
• use admin settings/group policy/security settings on the server (1)
• set the correct group/level/policy (1)
• user access is restricted/limited to specific files/areas (1)

Points in a process must be the correct position to gain marks.

Accept any other appropriate/alternative response.

Do not accept:

• physical threats
• threats from the internet
• threats to the WAP
• threats to the door controls

Question Number: 1d (Mark: 9)

Responses will be credited according to the student’s demonstration of knowledge and understanding of the material, using the indicative content and level descriptors below.

The indicative content that follows is not prescriptive. Responses may cover some or all indicative content, but students should be rewarded for other relevant responses.

Students will evaluate the effectiveness of the backup strategy.

Mirrored drives:

• not for backup
• used to stop data loss when a drive fails
• corruption/virus etc on one would affect both

USB for daily backup:

• possible but slow to write, especially if lots of data
• possibility of losing/mislaying
• easily damaged/accidentally corrupted
• relies on personal security when travelling/at home

Portable drive for weekly backup:

• similar to USB problems
• all eggs in one basket

Disk images:

• not strictly backup but possible solution for disaster recovery/reset for new user, especially for laptops and PCs
• server disks need to be kept secure and have a copy not at BCTAA in case of fire etc.

Mark scheme (award up to 9 marks) refer to the Levels-Based Mark Scheme Guidance for how to apply levels-based mark schemes*.

Level 0 (Mark: 0): No rewardable material

Level 1 (Mark: 1-3):

• Demonstrates basic application of knowledge and understanding that is partially relevant to the context of the question and may consider only one side of the context (AO2)
• Demonstrates a basic analysis of the situation by superficially breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a basic evaluation which partially considers different factors/events and competing points, leading to a conclusion which is superficial or unsupported. (AO3b)

Level 2 (Mark: 4-6):

• Demonstrates good application of knowledge and understanding that is relevant to the context of the question and considers both sides of the context. (AO2)
• Demonstrates a good analysis of the situation by breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a good evaluation which considers different factors/events and competing points, leading to a conclusion which is partially supported. (AO3b)

Level 3 (Mark: 7-9):

• Demonstrates comprehensive application of knowledge and understanding that is consistently relevant to the context of the question and considers both sides of the context in a balanced way. (AO2)
• Demonstrates a thorough analysis of the situation by comprehensively breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a thorough evaluation which comprehensively considers different factors/events and competing points, leading to a conclusion which is well supported. (AO3b)

Question Number: 2 ai (Mark: 1)

Award one mark for the following:

• the name broadcast (by a Wi-Fi network) (1)

Accept any other appropriate/alternative response.

Question Number: 2 aii (Mark: 1)

Award one mark for the following:

• to allow the identification/log on to the correct network (1)

Accept any other appropriate/alternative response.

Question Number: 2 aiii (Mark: 2)

Award one mark for a reason, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• guests’ device may try to disconnect/connect to other network (1) as OS prefers SSID networks over non-SSID (1)
• guests will have to ask (staff) for Wi-Fi details (1) as they cannot see the network on their (mobile) devices (1)
• guests may need to set-up auto-reconnect (for future visits) (1) device then pings/uses extra power when away from the network (1)
• guests will need to ask for/enter network details on each visit (1) this is time consuming/poor customer relations (1)

Accept any other appropriate/alternative response.

Do not accept answers relating to problems/inconvenience for staff.

Question Number: 2b (Mark: 3)

Award one mark for each appropriate point in a linked description up to a maximum of three marks.

• use a second switch (1)
• to divide/segment the network (1)
• so that guest traffic
  ◦ only connects to the router/internet access point (1)
  ◦ does not use/access the rest of the network (1)

Points in a process must be the correct position to gain marks.

Accept any other appropriate/alternative response.

Question Number: 2 ci (Mark: 3)

Award one mark for each appropriate point in a linked description up to a maximum of three marks.

• establishes a protected/private/direct connection (1)
• encrypts the data (1)
• reduces risk of interception/man-in-the-middle attack (1)
• doesn’t route through/reduces routing through third party servers (1)

Accept any other appropriate/alternative response.

Do not accept answers relating to VPN run by a third party.

Question Number: 2 cii (Mark: 2)

Award one mark for each point up to a maximum of two marks.

• cost of running the server/VPN (1)
• VPN is (usually) slower than normal internet traffic (1)
• VPN uses more data than normal internet traffic (1)
• VPN may be illegal if trainers are in some foreign countries (1)

Question Number: 2d (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• USB key/chip contains code/protocol (1) that can be read/checked by the server/network/system to verify identity (1)

Only acceptable response.

Question Number: 2e (Mark: 9)

Responses will be credited according to the student’s demonstration of knowledge and understanding of the material, using the indicative content and level descriptors below.

The indicative content that follows is not prescriptive. Responses may cover some or all indicative content, but students should be rewarded for other relevant responses.

Students will evaluate the use of MAC address filtering on the BCTAA Wi-Fi

Staff:

• would need to set-up list once
• only need to modify for new devices
• helps prevent intrusion by unlisted devices

Guests:

• would need to set-up new entries for each new guest/guest device
• takes more time and resources
• WAPs often have limited size MAC list which could cause problems if there are many guests/devices
• inconvenient for new guests - would need to know/find their MAC address
• extra security is not needed on Guest Wi-Fi

General:

• helps with security but cost-benefit is different for Staff/Guest network
• MAC addresses can be spoofed so only medium security

Mark scheme (award up to 9 marks) refer to the Levels-Based Mark Scheme Guidance for how to apply levels-based mark schemes*.

Level 0 (Mark: 0): No rewardable material

Level 1 (Mark: 1-3):

• Demonstrates basic application of knowledge and understanding that is partially relevant to the context of the question and may consider only one side of the context (AO2)
• Demonstrates a basic analysis of the situation by superficially breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a basic evaluation which partially considers different factors/events and competing points, leading to a conclusion which is superficial or unsupported. (AO3b)

Level 2 (Mark: 4-6):

• Demonstrates good application of knowledge and understanding that is relevant to the context of the question and considers both sides of the context. (AO2)
• Demonstrates a good analysis of the situation by breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a good evaluation which considers different factors/events and competing points, leading to a conclusion which is partially supported. (AO3b)

Level 3 (Mark: 7-9):

• Demonstrates comprehensive application of knowledge and understanding that is consistently relevant to the context of the question and considers both sides of the context in a balanced way. (AO2)
• Demonstrates a thorough analysis of the situation by comprehensively breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a thorough evaluation which comprehensively considers different factors/events and competing points, leading to a conclusion which is well supported. (AO3b)


Question Number: 3a (Mark: 2)

Award one mark for any of the following, up to a maximum of two marks.

• range of (available) IP addresses (1)
• fixed IP addresses (1)
• lease length (1)

Accept any other appropriate/alternative response.

Question Number: 3b (Mark: 3)

Award one mark for each appropriate point in a linked description up to a maximum of three marks.

• spoofing/using a false/rogue DHCP server (1)
• to supply clients/devices with fake/wrong configuration information (1)
• to enable man-in-the-middle attack (1) / to disrupt/prevent network traffic (1)

or

• spoofing/using a false/rogue DHCP client (1)
• to make repeated (DHCP) requests (1)
• to use up the available addresses (1) / to disrupt/prevent network traffic (1)

Points in a process must be the correct position to gain marks.

Accept any other appropriate/alternative response.

Question Number: 3 ci (Mark: 3)

Award one mark for each appropriate point in a linked description up to a maximum of three marks.

• query input to (online) database (1)
• (query) contains SQL statement/instruction written/designed to cause unauthorised action (1)
• to reveal/attack/steal/disrupt/delete data (1)

Points in a process must be the correct position to gain marks.

Accept any other appropriate/alternative response.

Question Number: 3 cii (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• only allow pre-made queries/selection from query list (1) to prevent rogue SQL (statements) from being run/executed (1)

or

• use a script or web application firewall (1) to sanitise/check/test SQL statements before they run (1)

Accept any other appropriate/alternative response.

Question Number: 3 di (Mark: 2)

Award one mark for each appropriate point in a linked description up to a maximum of two marks.

• DoS attack comes from single device/source/system/IP address (1)
• DDoS involves multiple devices/sources/systems/IP addresses (1)

Only acceptable responses.

Question Number: 3 dii (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• server/gateway receives/is sent large number of pings/packets/service requests (1) so that the server/system is overwhelmed/cannot service all the requests (1)

or

• server/gateway receives/is sent large number of pings/packets/service requests (1) so that the server/system slows/stops/crashes/is unable to perform normal functions (1)

Accept any other appropriate/alternative response.

Question Number: 3e (Mark: 9)

Responses will be credited according to the student’s demonstration of knowledge and understanding of the material, using the indicative content and level descriptors below.

The indicative content that follows is not prescriptive. Responses may cover some or all indicative content, but students should be rewarded for other relevant responses.

Students will evaluate the use of WPA2 and WPA3 on the BCTAA WAPs

Handshake:

• WPA2 uses the Pre-Shared Key (PSK) exchange; WPA3 uses Simultaneous Authentication of Equals (SAE)

Encryption/data transfer:

• WPA3 has faster encryption rates but requires more processing power
• Both use AES but WPA3 uses/can use (depending on version) longer encryption strings (up to AES-256)
• WPA3 more resistant to offline/dictionary attack

General:

• WPA3 is relatively new (2018)
• Older devices/OSs do not support WPA3
• WPA3 is more secure
• BCTAA can ensure staff devices are compatible with WPA3
• Guest devices may not be compatible with WPA3
• Guest devices capable of using WPA3 will have legacy compatibility with WPA2

Pearson Level 3 Alternative Academic Qualification BTEC National in Information Technology (Extended Certificate) 
Sample Assessment Materials - Unit 2: Cyber Security and Incident Management - Issue 1 - July 2024 © Pearson Education Limited 2024 


Mark scheme (award up to 9 marks) refer to the Levels-Based Mark Scheme Guidance for how to apply levels-based mark schemes*.

Level 0 (Mark: 0): No rewardable material

Level 1 (Mark: 1-3):

• Demonstrates basic application of knowledge and understanding that is partially relevant to the context of the question and may consider only one side of the context (AO2)
• Demonstrates a basic analysis of the situation by superficially breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a basic evaluation which partially considers different factors/events and competing points, leading to a conclusion which is superficial or unsupported. (AO3b)

Level 2 (Mark: 4-6):

• Demonstrates good application of knowledge and understanding that is relevant to the context of the question and considers both sides of the context. (AO2)
• Demonstrates a good analysis of the situation by breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a good evaluation which considers different factors/events and competing points, leading to a conclusion which is partially supported. (AO3b)

Level 3 (Mark: 7-9):

• Demonstrates comprehensive application of knowledge and understanding that is consistently relevant to the context of the question and considers both sides of the context in a balanced way. (AO2)
• Demonstrates a thorough analysis of the situation by comprehensively breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a thorough evaluation which comprehensively considers different factors/events and competing points, leading to a conclusion which is well supported. (AO3b)

Question Number: 4a (Mark: 2)

Award one mark for any of the following up to a maximum of two marks:

• password reuse/recycling (1)
• password changing/expiry (1)
• failed logins — threshold/number allowed (1)
• failed logins — recovery procedure (1)

Accept any other appropriate/alternative response.

Do not accept:

• password length and complexity
• password sharing
• password uniqueness.

Question Number: 4 bi (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• password manager generates a (complex) password (1) to ensure higher security passwords are used (1)
• single point of password storage (1) so only the master password needs to be memorised (1)
• password manager is cloud-based (1) so it can be accessed on multiple devices (1)

Accept any other appropriate/alternative response.

Question Number: 4 bii (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• single point of failure/place to attack (1) so can lose all passwords at once (1)
• some expertise needed to set it up/maintain (1) configuration errors can leave passwords vulnerable (1)
• may store data in the cloud (1) relying on third party security (1)

Accept any other appropriate/alternative response.

Question Number: 4 ci (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• physical image contains deleted files/data fragments/part files (1) so previous/deleted copies/versions of the password manager/files can be seen/examined (1)
• targeted image only has latest/entire/current version/file (1) so cannot see deleted/altered versions (1)

Accept any other appropriate/alternative response.

Question Number: 4 cii (Mark: 3)

Award one mark for each appropriate point in a linked description up to a maximum of three marks.

• connect tablet to device/USB with forensic/copying/imaging/scanning software/program (1)
• block/stop any write operations on the tablet (1)
• take a bit-by-bit/exact/mirror copy of the drive (1)
• log time-date/document the action (1)

Points in a process must be the correct position to gain marks.

Accept any other appropriate/alternative response.

Question Number: 4d (Mark: 2)

Award one mark for an identification, and one mark for an appropriate linked expansion, up to a maximum of two marks.

• application/app log (1) because it shows when the password manager was run/started/stopped (1)
• event log (1) because it shows user/system activities (1)

Accept any other appropriate/alternative response

Question Number: 4e (Mark: 9)

Responses will be credited according to the student’s demonstration of knowledge and understanding of the material, using the indicative content and level descriptors below.

The indicative content that follows is not prescriptive. Responses may cover some or all indicative content, but students should be rewarded for other relevant responses.

Students will evaluate the management of security threats to the BCTAA offices. Threats should be within the offices/floor. External threats should not be considered.

Threats/vulnerabilities mentioned in the paper:

• WAPs
• door controls
• passwords/login
• DHCP
• poor backup procedures

Threats/vulnerabilities implied by the scenario/figures:

• eavesdropping, physical and electronic, from public areas
• eavesdropping from floors above/below
• clients/visitors overhearing sensitive conversations/seeing sensitive material on screen
• clients/visitors could get access to BCTAA systems/unattended devices
• clients/visitors could exploit USB/Bluetooth for malicious uses

Security of threats: Novel observations of the security such as the ones in italics, should gain credit. Rehashing of items/answers mentioned in the paper should not be credited:

• door controls — no card protection/screening
• use of multi-factor authentication
• no port security on switch
• limit number of MAC addresses allowed per port
• no sound insulation
• use of protected rooms for sensitive discussions
• WAP range
• radio/WiFi shielding
• lock unattended devices/screens
• guests not being accompanied
• security of Bluetooth/USB/other means of access by blocking/disabling/encryption

Mark scheme (award up to 9 marks) refer to the Levels-Based Mark Scheme Guidance for how to apply levels-based mark schemes*.

Level 0 (Mark: 0): No rewardable material

Level 1 (Mark: 1-3):

• Demonstrates basic application of knowledge and understanding that is partially relevant to the context of the question and may consider only one side of the context (AO2)
• Demonstrates a basic analysis of the situation by superficially breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a basic evaluation which partially considers different factors/events and competing points, leading to a conclusion which is superficial or unsupported. (AO3b)

Level 2 (Mark: 4-6):

• Demonstrates good application of knowledge and understanding that is relevant to the context of the question and considers both sides of the context. (AO2)
• Demonstrates a good analysis of the situation by breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a good evaluation which considers different factors/events and competing points, leading to a conclusion which is partially supported. (AO3b)

Level 3 (Mark: 7-9):

• Demonstrates comprehensive application of knowledge and understanding that is consistently relevant to the context of the question and considers both sides of the context in a balanced way. (AO2)
• Demonstrates a thorough analysis of the situation by comprehensively breaking down the different aspects into their component parts. (AO3a)
• Demonstrates a thorough evaluation which comprehensively considers different factors/events and competing points, leading to a conclusion which is well supported. (AO3b)